Posted
by
samzenpuson Wednesday March 20, 2013 @07:41PM
from the new-rules dept.

judgecorp writes "A new manual for cyber war has been compiled by international legal experts and published by NATO. The manual proposes that hospitals and dams should be off-limits for online warfare, and says that a conventional response is justified if an attack causes death or serious damage to property. The manual might get its first practical application today — South Korea's TV stations and banks have come under an attack which may well originate from North Korea."

You nailed it. These are just excuses that the Obama administrations are searching for to go to war. At no point, conventional war should be responses should ever be used. This confusions of words ("online warfare", or "Cyber pearl harbor", etc.) should be always denied.

So when the Chinese hack America from an infected Swiss machine the US will bomb Switzerland? From outside it looks like that the military class has a disproportionately large influence in American politics.

My thoughts exactly. Plus, use of a proxy could create the equivalent of digital Al Qaeda cells, and if the Geneva Convention analogy is extended then there's no nation state to target. (GC is only for 2 or more nations in hostilities, not independent terror groups or internal conflicts) The entire concept sounds like a knee jerk reaction by people who don't understand how Big Al's innerweb works.

Our adversaries are already using proxies and launching attacks from inside the US from compromised US companies and civilians. I think you underestimate the DOD's ability or desire to attribute attacks to the appropriate party before responding. We know damn well who, how, and where from the majority of the intrusions and attacks are coming from.

If there is a significant cyber attack that causes extensive physical damage or casualties, then by all rights it's an act of war and an appropriate response is w

But we're talking digital here. Anything can be a false flag (intentional or not) when it only takes a few black hats with a grudge to cause some serious damage. Even if we could perfectly trace any attack to it's true country of origin (and we can't) this online Rules of Engagement is a farce. If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty? Should Canad

Don't worry, China is on track [economist.com] to outpace the US in military expenditures by 2023 [bloomberg.com]. I'm sure that's all for "peaceful regional defense" and will have no impact on the US.

Great snippet: ""The N.S.A. would ask, 'Can the Chinese be that good?' " the former official told me. "My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, 'Can you read Chinese?' We don't even know the Chinese pictograph for 'Happy hour.'"

To say nothing of the more recent news.

But yes, yes...this is all about "false flag" attacks, because naturally the US is always the evil aggressor, and there has never been any oppression or tyranny in the world, save for what the US has foisted upon it. The principles of freedom for which the US stands are just an illusion force fed to a compliant public by the lapdog mainstream press. In fact, we probably have secret time machines so we could extend this evil beyond our nation's short existence in this world. That explains all the bad things that happened before we were around.

They very likely outspend us in miltary by a great deal. All that we know about is what they tell the world. However, what they tell the world would not even support their sub program, let alone the entire PLA.

Oh, good god. I hate it when ppl bring up the crap about defense spending and have absolutely NO idea of what they are talking about. The first thing is that you have NO fucking idea of how much spending China does. You only know what they tell you. OTOH, you DO know how much western nations spend.
Secondly, there is the issue of how much something will buy. If China tells their gun manufacturer to sell them copied firearms of ours at $10 per, while We have to buy our at $2000 / unit, well, that is a HUGE

China's military might be able to buy things for a fraction of what it costs the Pentagon to buy something comparable, but they also have to deal with the flip side of the equation -- it's hard enough to verify that high-quality components were used to build hardware when you have the kind of supply-chain culture the US defense industry does, and it's technically possible to read the laser-etched code off of a bolt and trace it all the way back to the miners who were working the day the ore was excavated fr

Residents of Manhattan might head outside the next morning to a city that's largely intact, and eventually see photos of the smoldering cratered wastelands that used to be the Jersey Shore and Appalachia.

Fortunately, the Geneva Convention specifically excludes non-state combatants from its protection. Mercenaries, terrorists and insurgents/freedom-fighters are all excluded. The moment you take up arms without being in the military, you are not covered by it.

In the eyes of the law and under the requirements of justice prove it, until then they are innocent and only suspects. So either the Geneva Convention or the rule of law apply, take your pick or declare yourself the terrorist and criminal.

In any cyber attack the results in loss of life, first up those responsible for security should be audited and punished if they failed.
Question that need to be asked, did it need to be connected to the internet, was it effectively isolated, how rapidly was an incursion

Fortunately, the Geneva Convention specifically excludes non-state combatants from its protection. Mercenaries, terrorists and insurgents/freedom-fighters are all excluded. The moment you take up arms without being in the military, you are not covered by it.

Indeed, but you are still covered by the civilian laws of that country. Terrorists are arrested, tried and convicted for murder and sent to prison, not indefinitely detained and tortured.

Fighting dirty in a war tends to piss off the world at large and is very costly in terms of international relations. Which in turn has strategic implications if you need their support in the future, or if they may choose to retaliate out of principle.

As an example, I cite how the Holocaust was the main factor resulting in the Nuremberg trials.

Hitting someone below the belt is a good way to bring your opponent down, but your victory will be short lived if you get an army of outraged fans climbing the ropes

These people still do not understand the basics of networked systems. Adherence to this proposed list requires several things which are absent on the global telecommunications networks. First, determining who's attacking. In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted. Second, attacks that are meant to go after one thing can inadvertently hit something else (collateral damage). This is usually geographically-based in the real world... if a hospital happens to be next to a military munitions depot, umm, oops? But online, the hospital could be in another country and yet still be hit by the attack, because its digital signature is similar to the actual target. Either it's on the same network, or has a similar network address, or even a simple one character typo, is all it takes to send a "cyber bomb" (gags) veering off target. And last, but not least... you can have all the countries on Earth sign this and it still leaves out the guns for hire, the mercenaries. The A-Teams of the digital world: Freelancers. They don't have to go by your rules, and if a hospital happens to have a juicy source of personal information that could be turned into cash through extortion, blackmail, or reselling, they may just decide to go for it.

This document underscores just how little our military and political leaders understand about this new theatre of war. They're drafting up treaties without even knowing where the borders are yet.

In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted.

Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.

Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.

"Unable to launch nuclear missiles; The application was unable to contact the licensing server. If the problem persists, please contact your network administrator. The launch bay doors will now close."

"These people still do not understand the basics of networked systems. "yes they do, and probably better then you do.

" First, determining who's attacking. "often easier then you think. You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think.

"Second, attacks that are meant to go after one thing can inadvertently hit something else (colla

----"You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think."

This may be the case with many normal attacks, but once you start considering the sophistication of state sponsored attacks [which TFA is referring to], it becomes quite difficult to track down the true source. Most times this generally relies on the attacker making a mistake

"Second, attacks that are meant to go after one thing can inadvertently hit something else (collateral damage)."So, war was originally fought between kingdoms where the peasants didn't vote their king in. It was generally regarded as poor form to attack peasants because the kingdom relies on them regardless of who the king is. The king had a military, who fought other kings and other kings military.

In western society we evolved some strange rules of war, which evolved to 'civilized' war - when people would

The proposal might help if signatory nation states ever openly "went at it".

All such treaties and agreements are applicable only to the nations involved, but they do let both nations stand together and apply political pressure on non-NATO countries with a bit of mutually-reinforcing moral high ground:

We've agreed not to attack hospitals, so why do you still consider hospitals to be targets?

In war, even the complete destruction of your enemy doesn't guarantee victory. The goal is to win both the military battles and the political battles, so your control is recognized once the fighting stops. Fighting dirty might make military victories easier, but you'll piss off other s

Our military is very much aware of the new theater and have a heck of a lot more information about it than the average citizen. Attribution in conventional or unconventional non-nation state warfare as we see in the Middle East is not as simple as you make it out to be. A good example would be roadside bombs, where it's not immediately obvious which group was responsible. Someone of Arabic descent bombed the train, but which terror group did it?

They might leak and make a mess. And electric grids, boy, that would be inconvenient. And not water treatment plants, or traffic signals. And not banks or shops, either.

The Geneva Convention worked (mostly) because there were mutual prisoners of war who could be mistreated, and horrific effects all around from mustard gas. If Anonymous could post flashing GIFs on an epileptic support group web site for teh lulz, what makes anyone think an attacker will stop at a hospital's firewall?

what makes anyone think an attacker will stop at a hospital's firewall?

"Excellent question, Internet! To answer that, I'm going to turn the mic over to Government Man, a man from the government. Take it away, Government Man!"

Well, fellow Netizen, it's basically like this. We're the government. The government controls everything, starting with you. Now we know you get these things called liberties and freedoms and stuff, and we let you hold on to the notion that you have them, because they keep you in line. But make no mistake, we're in charge, not you. And we're not gonna have

That's the thing about cyberwar. Anyone can jump on the battlefield, from anywhere, at any time. You don't have to spend billions of dollars to field a standing army of cyberwarriors, or rabble-rouse your church members into forming a militia. You can be sitting alone in your mother's basement, muster up a couple thousand bots, and suddenly you're making as much impact on the world as the entire nation-state of North Korea. People who do that have shown themselves to have notoriously poor judgement when

The US and UK have learned from :
The French in Vietnam/Algeria,
The UK in Malaysia, Ireland
Russia in Afghanistan
Russia in Chechnya
South Africa and it long boarder wars
The death squads of Latin/South America.
To actually fight and win a war you end up with Iraq and NATO in Afghanistan - the body count, body bags, drone wars in Africa, Pakistan...
You have to hold the country, change the country and get a lot of locals to betray their country long term.
Better to use local/regional youth as "freedom figh

What, should the main page return a "Red Cross" or a "Red Crescent" or an appropriate meta-tag on a web-site's front page in order for it to qualify as an "off-limits" target? Will it be like saying "hey they're not really soldiers 'cause they're not wearing a uniform with patches 'n' shit!" forgetting that the USA's minute-men and civilian militia were definitely a rag-tag bunch of townies who also wore no uniform, while King George's men had their beautiful red-coats!.
Has the USA turned ourselves into the British colonial empire building with our own red-coats? Why would anyone think the USA would follow a NATO directive or another Geneva convention about "cyber-warfare" when the USA is currently unwilling to follow the already agreed-to Geneva Convention against torture and extra-ordinary rendition and recognition of the sovereignty of other states?

USA didn't join the Geneva Convention until 1862. And yes, the British would execute any rebels they caught, just like today ununiformed combatants are subject to summary battlefield execution. Also conveniently ignoring the Continental Army, which was a regular military force.

Everyone just breaks these sorts of rules whenever they feel like. It just provides an excuse to attack other countries shrouded in contrived legitimacy. If we want to attack a country for hacking into a dam we'll do it. If other countries want to be mad at us or even retaliate, they will do that. Pretending that we are just following some coherent rules is a joke, and this should be transparent to everyone.

Here is how this works:

1. We do what we want. This is the most important part. Example countries like Axistan are there for our benefit.

2. We invent rules giving us justification for attacking other countries and removing justification from other countries to attack us. Example A: Axistan is bad because they cyber attacked our hospitals and dams. We need to destroy them. Example B: Axistan attacked us for cyber attacking them, but since we attacked just about everything except their hospitals and dams, their retaliation was unjust and therefore they are the initial aggressors and now we must destroy them.

3. We pretend these rules are fair and implicitly agreed to by all other countries. Any country that would not agree to these terms is surely an evil country that gets what's coming to them anyway. So even though Axistan never agreed to this rule, we can still punish them for violating it.

4. When it doesn't work out the way we expected, and we need to break our own rules, that's ok because we still have all the guns, and the American people have a short memory. Oops it turns out we needed to cyber attack one of Axistan's dams. That's fine we'll just invent some reason why it was justified. You mean Axistan somehow managed to cyber attack us without hitting any hospitals or dams? Well lets just invent some reason why it actually broke our rules and lets attack them anyway.

All of this political bullshit is designed to trick a gullible American public that those in charge are righteous in our actions. I think this is giving far too much credit to the average American's ability to think critically. We can skip most of this show and dance. It would be less insulting to the intelligence of all involved if we just said "We're taking your stuff because we want to and we are bigger."

In a lot of ways we never really evolved past the politics of the playground. We just wear suits and use expendable high school kids with m-16s and m-1 tanks to pick on the other kids. We are a bully. But that's the way the world is. There are no adults to make us play nice or punish us. We're all bullies or victims or both. It's lord of the flies on a macro scale.

A multi national might own the dam~ think of the paperwork to a long term loan.
Better just to short out/ the city/national grid as its for the war effort - tell the press its for local radar, SAM sites.
Make good PR with the optics of a non lethal graphite bomb ie the "Blackout Bomb".
You can get 70%+ of that country's power grid anytime you want.

The Hermit Kingdom's obsession with propaganda and rewriting history, and common language and history with South Korea, seems to make it ideal for a "backdoor" cultural attack.

The modern equivalent of a propaganda leaflet drop. Smuggle, or even airdrop, OLPC-style satellite receivers into North Korea, able to receive dedicated Korean language info dumps from suitable satellites, as well as rebroadcasted live radio and (power willing) TV channels. News, music, live weather, etc. (And dedicated counter-propaganda channels.) And encyclopedias, text books, banned poetry/history/music, stored on the devices. Modular, repairable, with solar panels and crank-generators repurposeable to reduce the number of units turned in or destroyed.

Designed in South Korea, manufactured in China, a few hundred thousand units per year. Bargain.

[Designed well, they could be more generally suited to the poorest parts of the world. Charities might buy them, increasing the production size, reducing the per-unit costs.]